package com.bw.xiaosy.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 登陆过滤器
 *
 * @author Xiaosy
 * @date 2017-04-07 9:41
 */
public class LoginFilter extends AuthenticationFilter{

    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String path = request.getServletPath();
        NotAuthorizationBean bean = new NotAuthorizationBean(path);
        if(ShiroUtil.isContains(bean))
        {
            //不需要认证
            return true;
        }
        Subject subject = getSubject(servletRequest,servletResponse);
        if(subject.getPrincipals() != null)
        {
            return true;
        }
        return false;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        ShiroUtil.writeResponse((HttpServletResponse) servletResponse,new Result(AuthorizationStatus.NOT_LOGIN));
        return false;
    }


}
